If you own a Sony smartphone either the Android 4.4.2 or 4.4.4 KitKat firmware then inadvertently you may be transmitting your data back to the servers in China, even if you haven't installed any application.
Quite surprising but it's true. I know many of you haven't expected such practices from a Japanese company, but reports popping up at several forums suggest that some new Sony Xperia handsets seem to contain the Baidu spyware.
MYSTERIOUS BAIDU SPYWARE
About a month ago, a group of community users of Sony smartphone detected the presence of a strange folder, named "Baidu", mysteriously appeared from among those present in various versions of Android for these handsets.
The creepy part is that the folder is created automatically without the owners permission and there is no way of deleting it. Even if someone tries to remove it, it instantly reappears as well as unticking the folder from device administrator equally seems to do nothing, neither does starting the phone in Safe Mode.
"Just unpacked my Sony Z3 compact, haven't installed a single app and its connecting to China. I am not so concerned about the folder itself but my phone now has a constant connection to an IP address in Beijing which I am not too happy about." Reddit user commented.
The Baidu folder appears to be created by Sony's 'my Xperia' service each time a connection is made and is reported to be sending pings to China. There is no further information known on what these pings are transmitting but nevertheless they do seem to be transmitting.
PERSONAL INFORMATION SEND TO CHINA
Going deep, several users reported they found that the Chinese government is able to detect the status and identity of the device, take pictures and make videos without the consent of the user. A user, going by the handle Elbird, posted on Sony Forums that with the help of Baidu folder, the Chinese Government can:
- Read status and identity of your device
- Make pictures and videos without your knowledge
- Get your exact location
- Read the contents of your USB memory
- Read or edit accounts
- Change security settings
- Completely manage your network access
- Couple with bluetooth devices
- Know what apps you are using
- Prevent your device from entering sleep mode
- Change audio settings
- Change system settings
AFFECTED PRODUCTS
Thankfully this is a spyware and you can check to see if you have or not. If you see the folder named Baidu in your device then your device contains the spyware. But, for users it isn't the folder which seems to be the real cause for concern, though; it's the fact that the phones open a connection to servers.
According to the reports affected devices include the new Sony Xperia Z3 and Z3 Compact, and several users from the Reddit community have also reported about the presence of this folder on their mobile phones, too — and not necessarily phones made by Sony. One owns an HTC One M7, another an HTC One X, a few others the OnePlus One.
STEPS TO DISABLE BAIDU SPYWARE
- Backup your important data and factory reset the device.
- Turn on the device and go to Settings -> Apps -> Running and Force stop both "MyXperia" apps.
- Then remove the baidu folder using File Kommander app.
- Go to Settings -> About Phone -> Click 7 times on the Build Number to enable developer mode.
- Download or Install the Android SDK on your computer and then connect the Sony device to it using USB cable.
- Run the adb tool terminal : adb shell
- In adb shell, type the command: pm block com.sonymobile.mx.android
- Exit adb shell
- Reboot the device.
Note that the spyware does not necessarily affect the process or functionality of your mobile devices, so you shouldn't be worried in this respect. Sony has not officially responded to this 'baidu' folder issue.
However, the company has recognized the issue and has said that in the next release the problem will be fixed. Unless Sony can roll out some kind of fix in the near future then it seems you might have to wait until Lollipop rolls out in January before you can get rid of Baidu.
Recently Chinese smartphone manufacturer Xiaomi has been called out for spying on personal user data using their smartphones. According to F-Secure Xiaomi Smartphones were sending user data back to the servers based in China.